This repository has been archived by the owner on Jul 29, 2024. It is now read-only.

Publish Python Package #77

	name: Publish Python Package

	on:
	workflow_dispatch:
	inputs:
	tag:
	description: 'Release Tag'
	required: true

	jobs:
	build:
	runs-on: ubuntu-latest
	outputs:
	hashes: ${{ steps.hash.outputs.hashes }}
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ inputs.tag }}
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: '3.x'
	- name: Install dependencies
	run: \|
	python -m pip install --upgrade pip
	pip install setuptools wheel twine
	- name: Build
	run: \|
	python setup.py sdist bdist_wheel
	- name: "Generate hashes"
	id: hash
	run: \|
	cd dist && echo "hashes=$(sha256sum * \| base64 -w0)" >> $GITHUB_OUTPUT
	- uses: actions/upload-artifact@v4
	with:
	name: build
	path: ./dist

	provenance_python:
	needs: [build]
	permissions:
	actions: read
	contents: write
	id-token: write # Needed to access the workflow's OIDC identity.
	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
	with:
	base64-subjects: "${{ needs.build.outputs.hashes }}"
	upload-assets: true
	upload-tag-name: ${{ inputs.tag }} # Tag from the initiation of the workflow

	publish-python-package-to-release:
	runs-on: ubuntu-latest
	needs: ['build']
	permissions:
	contents: write
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ inputs.tag }}
	- uses: actions/download-artifact@v4
	with:
	name: build
	path: ./artifact
	- name: Upload dist to release
	run: \|
	gh release upload ${{ inputs.tag }} ./artifact/*
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback